From 9b876b3304a441bf5615a26bf5dfea628323dded Mon Sep 17 00:00:00 2001
From: Jochen Schalanda
Date: Wed, 11 Nov 2020 08:21:29 +0100
Subject: [PATCH] Upgrade to Jackson 2.9.10.6

https://nvd.nist.gov/vuln/detail/CVE-2020-24750
https://nvd.nist.gov/vuln/detail/CVE-2020-24616

Release notes:
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#micro-patches

> jackson-databind 2.9.10.6 (24-Aug-2020) -- with jackson-bom version 2.9.10.20200824
>
> * https://github.com/FasterXML/jackson-databind/issues/2798: Block one more gadget type (com.pastdev.httpcomponents, CVE-2020-24750
> * https://github.com/FasterXML/jackson-databind/issues/2814: Block one more gadget type (Anteros-DBCP, CVE-2020-24616)
> * https://github.com/FasterXML/jackson-databind/issues/2826: Block one more gadget type (com.nqadmin.rowset)
> * https://github.com/FasterXML/jackson-databind/issues/2827: Block one more gadget type (org.arrahtec:profiler-core)
---
 metrics-json/pom.xml     | 2 +-
 metrics-servlets/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/metrics-json/pom.xml b/metrics-json/pom.xml index d6cbc898d1..7892a05901 100644 --- a/metrics-json/pom.xml +++ b/metrics-json/pom.xml @@ -17,7 +17,7 @@ com.codahale.metrics.json - 2.9.10.5 + 2.9.10.6 diff --git a/metrics-servlets/pom.xml b/metrics-servlets/pom.xml index d9398409dd..c11fcd1248 100644 --- a/metrics-servlets/pom.xml +++ b/metrics-servlets/pom.xml @@ -20,7 +20,7 @@ com.codahale.metrics.servlets 1.1.1 3.1.0 - 2.9.10.5 + 2.9.10.6
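
Review bot: In metrics-json/pom.xml, the `+ 2.9.10.6` line at `@@ -17,7 +17,7 @@` is the same literal that the metrics-servlets/pom.xml hunk changes, so the Jackson version is maintained separately in each module and a later gadget-blocklist bump can update one and miss the other. If the two modules share a parent POM, consider defining the version once there, or importing the jackson-bom version the quoted release notes pair with this release (2.9.10.20200824), so both modules always resolve the same jackson-databind.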
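
Review bot: In metrics-servlets/pom.xml, the `+ 2.9.10.6` line at `@@ -20,7 +20,7 @@` sets a four-part micro-patch version that the quoted release notes list for jackson-databind only. The element names are not visible in this hunk, so please confirm the value is applied to jackson-databind alone and not reused for other Jackson artifacts, and consider a short comment next to the version naming the dependency it pins and the two CVEs from the commit message, so the reason for the pin survives later edits.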